>> Ship a device.

> Meaning what, exactly? At first blush you seem to be trading one
> problem for another: people don't know how to use GnuPG, so ship a
> device and now they don't know how to use the device.

ING in the Netherlands distributes software (Windows, Mac, and Linux versions) - so apparently it's easy enough for enough average Joes to figure out how to install an app. In the states, the trend of banks offering proprietary apps for smartphones is snowballing. Banks want users to take their software so badly they're offering free miles and contests to get customers to take the bait.

Such an app could embed an email client that does everything the advanced users would do, and hide everything possible. Such an app could even hide the email address, and hide the fact that email is used at all, if they wanted.

> To a first approximation, MBAs and bean-counters divide a business's
> operations into revenue and overhead. They'll go to great lengths to
> maximize revenue, and they'll go to great lengths to minimize
> expenses.

They're not good at it. Moreover, the nerds among them are a very different variety of nerd than that which would understand or appreciate the needs of comp sci/math/software nerds. This is very evident in their websites, which only offer a point-click GUI interface with no shortage of marketing gloss, round corners, and flashy shit that fails when using a proper and hardened Linux or Unix OS with hardened browser -- ultimately insulting the intelligence of self-respecting nerds that really just want to connect over SSH and skip the BS.

> Security doesn't directly generate revenue -- at best it indirectly
> facilitates it, but that's difficult to quantify and plug into a
> spreadsheet. That means security gets viewed as an overhead expense:
> something to be minimized at all costs.

The cost of securing their webserver and all the flashy shit that they compulsively upgrade on a regular basis cannot be cheap.

A bank forward-thinking enough to cater to nerds with SSH for transactions and OpenPGP for statements would spend the least amount on security, and simultaneously achieve a more secure infrastructure than the other banks who try to keep up with the latest web animation tricks, and all the holes that this emerging junkware continues to open.

> People keep on thinking in terms of "wouldn't it be nice if," but
> that's not how business thinks. Business thinks in terms of, "what
> will maximize revenue and minimize overhead?"

Different sectors of business think differently. Bankers fear risk where it's small with respect to the gains, and then they take on stupidly risky investments when it's inappropriate. You're giving the banksters too much credit here. When it comes to security, they just want to do what the next guy is doing, and not give it another thought.

> OpenPGP users account for probably less than a thousandth of all
> computer users. 99.9% of all banking users have no real desire to see
> OpenPGP used for their statement delivery.

The average American has ~14 bank/credit card accounts. I shit you not. So it's not just one account they must "go pickup" their statement from. You could not make a convincing claim that only 0.01% of Americans would appreciate their statements *delivered* automatically.

Many customers cannot cope with the manual effort of downloading all their statements, so they simply don't. They see their balance and send a payment, and let the statements rot online, and ultimately get archived and cleaned off the server. Others resort to giving all their bank usernames and passwords to a 3rd party whom they must trust, which downloads the statements for them, and then offers yet another "pickup" service (yes, these users must still log in to a website, but at least it's 1 site and not 14).